Argus 3.0 dies in daemon mode

Carter Bullard carter at qosient.com
Wed Sep 3 17:05:46 EDT 2008


Hey Michael,
If you feel adventurous, comment out the two "freopen()" calls in  
argus.c,
recompile, and then see what kind of messages you get.  If you're not
that adventurous, take out the GENERATE_PID directive in the argus.conf
file.  You maybe getting a "Can't create PID directory/file" like  
error message.

Carter

On Sep 3, 2008, at 4:40 PM, Michael Grinnell wrote:

> Carter,
>
> ./bin/argus -F /etc/argus.conf -D8 & works fine.  I'll try the dev  
> version this evening and let you know.
>
> Thanks,
> Michael
>
>
> On Sep 3, 2008, at 4:30 PM, Carter Bullard wrote:
>
>> Hey Michael,
>> When argus goes into daemon mode, it closes stdout and stderr,
>> and the debug output stops (no place for it to go), so if there is an
>> error that causes argus to exit, but doesn't generate an ArgusLog
>> message, you will not see the error message.
>>
>> Does this work at all?
>>
>>   ./bin/argus -F /etc/argus.conf -D8 &
>>
>> Try the argus-3.0.1 that is in the ftp://qosient.com/dev/argus-3.0
>> directory to see if things are any better.
>>
>> Carter
>>
>>
>> On Sep 3, 2008, at 3:45 PM, Michael Grinnell wrote:
>>
>>> Hi,
>>>
>>> I'm upgrading to Argus 3.0.  I have installed the version from  
>>> April 18, 2008.  When I run it in foreground mode, it works fine,  
>>> but when I try and start it as a daemon, it seems to die.  There  
>>> is no seg fault and there are no messages in /var/log/messages.   
>>> OS is CentOS release 5.2 (Final) (Linux 2.6.18-92.1.10.el5 #1 SMP  
>>> Tue Aug 5 07:41:53 EDT 2008 i686 i686 i386 GNU/Linux)
>>>
>>> /var/log/messages:
>>> Sep  3 15:33:31 argus kernel: device eth1 entered promiscuous mode
>>> Sep  3 15:33:31 argus kernel: device eth1 left promiscuous mode
>>>
>>> -D 8 gives the following output.
>>> [root at argus argus-3.0.0]# ./bin/argus -F /etc/argus.conf -d -D 8
>>> argus[21915]: 03 Sep 08 15:33:31.481669 ArgusCalloc (1, 704)  
>>> returning 0xa003008
>>> argus[21915]: 03 Sep 08 15:33:31.481794 ArgusCalloc (1, 40)  
>>> returning 0xa003328
>>> argus[21915]: 03 Sep 08 15:33:31.481811 ArgusNewList () returning  
>>> 0xa003328
>>> argus[21915]: 03 Sep 08 15:33:31.481829 ArgusCalloc (1, 20)  
>>> returning 0xa003358
>>> argus[21915]: 03 Sep 08 15:33:31.481849 ArgusCalloc (65536, 4)  
>>> returning 0xb7ee2008
>>> argus[21915]: 03 Sep 08 15:33:31.481865 ArgusNewHashTable (65536)  
>>> returning 0xa003358
>>> argus[21915]: 03 Sep 08 15:33:31.481882 ArgusCalloc (1, 104)  
>>> returning 0xa003370
>>> argus[21915]: 03 Sep 08 15:33:31.481897 ArgusCalloc (1, 64)  
>>> returning 0xa0033e0
>>> argus[21915]: 03 Sep 08 15:33:31.481911 ArgusNewQueue () returning  
>>> 0xa0033e0
>>> argus[21915]: 03 Sep 08 15:33:31.481926 ArgusCalloc (1, 64)  
>>> returning 0xa003920
>>> argus[21915]: 03 Sep 08 15:33:31.481940 ArgusNewQueue () returning  
>>> 0xa003920
>>> argus[21915]: 03 Sep 08 15:33:31.481956 ArgusCalloc (1, 112)  
>>> returning 0xa003968
>>> argus[21915]: 03 Sep 08 15:33:31.481971 ArgusNewModeler()  
>>> returning 0xa003008
>>> argus[21915]: 03 Sep 08 15:33:31.481993 ArgusCalloc (1, 330552)  
>>> returning 0xb7e91008
>>> argus[21915]: 03 Sep 08 15:33:31.482012 ArgusNewSource() returning  
>>> 0xb7e91008
>>> argus[21915]: 03 Sep 08 15:33:31.482032 ArgusCalloc (1, 128)  
>>> returning 0xa0039e0
>>> argus[21915]: 03 Sep 08 15:33:31.482048 ArgusCalloc (1, 64)  
>>> returning 0xa003a68
>>> argus[21915]: 03 Sep 08 15:33:31.482062 ArgusNewQueue () returning  
>>> 0xa003a68
>>> argus[21915]: 03 Sep 08 15:33:31.482075 ArgusNewOutput() returning  
>>> retn 0xa0039e0
>>> argus[21915]: 03 Sep 08 15:33:31.482099  
>>> setArgusMarReportInterval(60) returning
>>> argus[21915]: 03 Sep 08 15:33:31.485103 setArgusID(0xa003008,  
>>> 0x930901ca) done
>>> argus[21915]: 03 Sep 08 15:33:31.485168 setArgusID(0xa003008,  
>>> 0x930901ca) done
>>> argus[21915]: 03 Sep 08 15:33:31.485215 setArgusID(0xa003008,  
>>> 0x930901ca) done
>>> argus[21915]: 03 Sep 08 15:33:31.485266  
>>> clearArgusDevice(0xb7e91008) returning
>>> argus[21915]: 03 Sep 08 15:33:31.485315 ArgusCalloc (1, 40)  
>>> returning 0xa004548
>>> argus[21915]: 03 Sep 08 15:33:31.485361 ArgusNewList () returning  
>>> 0xa004548
>>> argus[21915]: 03 Sep 08 15:33:31.485403 ArgusCalloc (1, 8)  
>>> returning 0xa003df0
>>> argus[21915]: 03 Sep 08 15:33:31.485447 ArgusPushFrontList  
>>> (0xa004548, 0xa003df0, 1) returning 0xbfec03d4
>>> argus[21915]: 03 Sep 08 15:33:31.485488 setArgusDevice(eth1)  
>>> returning
>>> argus[21915]: 03 Sep 08 15:33:31.485718 ArgusDeleteList (0x0, 2)  
>>> returning
>>> argus[21915]: 03 Sep 08 15:33:31.485780 ArgusCalloc (1, 40)  
>>> returning 0xa003d98
>>> argus[21915]: 03 Sep 08 15:33:31.485827 ArgusNewList () returning  
>>> 0xa003d98
>>> argus[21915]: 03 Sep 08 15:33:31.485876 ArgusCalloc (1, 12)  
>>> returning 0xa003dc8
>>> argus[21915]: 03 Sep 08 15:33:31.485922 ArgusPushFrontList  
>>> (0xa003d98, 0xa003dc8, 1) returning 0xbfec03d6
>>> argus[21915]: 03 Sep 08 15:33:31.485976  
>>> setArgusMarReportInterval(60) returning
>>> argus[21915]: 03 Sep 08 15:33:31.486048 ArgusParseResourceFile (/ 
>>> etc/argus.conf) returning
>>> argus[21915]: 03 Sep 08 15:33:31.486114 setArgusInterfaceStatus(1)
>>> [root at argus argus-3.0.0]#
>>>
>>> /etc/argus.conf
>>> ARGUS_FLOW_TYPE="Bidirectional"
>>> ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
>>> ARGUS_MONITOR_ID=`hostname`
>>> ARGUS_INTERFACE=eth1
>>> ARGUS_SETUSER_ID=argus
>>> ARGUS_SETGROUP_ID=argus
>>> ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
>>> ARGUS_SET_PID=yes
>>> ARGUS_PID_PATH="/var/run"
>>> ARGUS_FLOW_STATUS_INTERVAL=5
>>> ARGUS_MAR_STATUS_INTERVAL=60
>>> ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
>>> ARGUS_GENERATE_PACKET_SIZE=yes
>>> ARGUS_GENERATE_JITTER_DATA=yes
>>> ARGUS_GENERATE_MAC_DATA=no
>>> ARGUS_GENERATE_APPBYTE_METRIC=yes
>>> ARGUS_GENERATE_TCP_PERF_METRIC=yes
>>> ARGUS_GENERATE_BIDIRECTIONAL_TIMESTAMPS=yes
>>>
>>> Any thoughts?  Has any one seen this before?
>>>
>>> Thanks,
>>>
>>> Michael
>>>
>>>
>>>
>>>
>>
>
>




More information about the argus mailing list